Hello, Habr. I currently lead the Network Engineer course at OTUS.
There is already a lot of material on how VxLAN EVPN works, so I want to collect various tasks and practices for solving problems in a modern data center.
In this first part of the series on VxLAN EVPN, I want to look at a way to organize L2 connectivity between hosts on top of a network fabric.
All examples are performed on Cisco Nexus 9000v switches assembled in a Spine-Leaf topology. We will not dwell on setting up the Underlay network in this article.
- Underlay network
- BGP peering for address-family l2vpn evpn
- Configuring NVE
- Suppress-arp
Underlay network
The topology used is as follows:
Let's assign addresses on all devices:
Spine-1 - 10.255.1.101
Spine-2 - 10.255.1.102
Leaf-11 - 10.255.1.11
Leaf-12 - 10.255.1.12
Leaf-21 - 10.255.1.21
Host-1 - 192.168.10.10
Host-2 - 192.168.10.20
Let's check that there is IP connectivity between all devices:
Leaf21# sh ip route
<........>
10.255.1.11/32, ubest/mbest: 2/0 ! Leaf-11 is reachable via two Spines
*via 10.255.1.101, Eth1/4, [110/81], 00:00:03, ospf-UNDERLAY, intra
*via 10.255.1.102, Eth1/3, [110/81], 00:00:03, ospf-UNDERLAY, intra
10.255.1.12/32, ubest/mbest: 2/0 ! Leaf-12 is reachable via two Spines
*via 10.255.1.101, Eth1/4, [110/81], 00:00:03, ospf-UNDERLAY, intra
*via 10.255.1.102, Eth1/3, [110/81], 00:00:03, ospf-UNDERLAY, intra
10.255.1.21/32, ubest/mbest: 2/0, attached
*via 10.255.1.22, Lo0, [0/0], 00:02:20, local
*via 10.255.1.22, Lo0, [0/0], 00:02:20, direct
10.255.1.101/32, ubest/mbest: 1/0
*via 10.255.1.101, Eth1/4, [110/41], 00:00:06, ospf-UNDERLAY, intra
10.255.1.102/32, ubest/mbest: 1/0
*via 10.255.1.102, Eth1/3, [110/41], 00:00:03, ospf-UNDERLAY, intra
Let's check that the VPC domain has been created, that both switches have passed the consistency check, and that the settings on both nodes are identical:
Leaf11# show vpc
vPC domain id : 1
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 0
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
Delay-restore status : Timer is off.(timeout = 30s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router : Disabled
vPC status
----------------------------------------------------------------------------
Id Port Status Consistency Reason Active vlans
-- ------------ ------ ----------- ------ ---------------
5 Po5 up success success 1
BGP peering
Finally, we can move on to configuring the Overlay network.
Within this article, we need to set up a network between the hosts as shown in the diagram below:
To configure the Overlay network, you need to enable BGP with support for the l2vpn evpn family on the Spine and Leaf switches:
feature bgp
nv overlay evpn
Next, you need to configure BGP peering between Leaf and Spine. To simplify the configuration and optimize the distribution of routing information, we configure Spine as a Route-Reflector server. To keep the configuration compact, we define all Leaf neighbors using templates.
So the settings on Spine look like this:
router bgp 65001
  template peer LEAF
    remote-as 65001
    update-source loopback0
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client
  neighbor 10.255.1.11
    inherit peer LEAF
  neighbor 10.255.1.12
    inherit peer LEAF
  neighbor 10.255.1.21
    inherit peer LEAF
The configuration on a Leaf switch looks similar:
router bgp 65001
  template peer SPINE
    remote-as 65001
    update-source loopback0
    address-family l2vpn evpn
      send-community
      send-community extended
  neighbor 10.255.1.101
    inherit peer SPINE
  neighbor 10.255.1.102
    inherit peer SPINE
On Spine, let's check the peering with all Leaf switches:
Spine1# sh bgp l2vpn evpn summary
<.....>
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.255.1.11 4 65001 7 8 6 0 0 00:01:45 0
10.255.1.12 4 65001 7 7 6 0 0 00:01:16 0
10.255.1.21 4 65001 7 7 6 0 0 00:01:01 0
As you can see, there were no problems with BGP. Let's move on to configuring VxLAN. All further configuration is done only on the Leaf switches. Spine acts only as the core of the network and takes part only in forwarding traffic. All encapsulation and path determination happens only on the Leaf switches.
Configuring NVE
NVE - network virtual interface
Before starting the configuration, let's introduce some terminology:
VTEP - Virtual Tunnel End Point, the device on which a VxLAN tunnel begins or ends. A VTEP is not necessarily a network device. A server that supports VxLAN technology can also act as one. In our topology, all Leaf switches are VTEPs.
VNI - Virtual Network Index - the network identifier within VxLAN. An analogy can be drawn with VLAN. However, there are some differences. When a fabric is used, VLANs are unique only within a single Leaf switch and are not carried across the network. But each VLAN can have a VNI number associated with it, and that number is carried across the network. What this looks like and how it can be used is discussed below.
Let's enable VxLAN technology and the ability to associate VLAN numbers with a VNI number:
feature nv overlay
feature vn-segment-vlan-based
Let's configure the NVE interface, which is responsible for VxLAN operation. This interface encapsulates frames in VxLAN headers. You can draw an analogy with the Tunnel interface for GRE:
interface nve1
  no shutdown
  host-reachability protocol bgp ! use BGP to carry routing information
  source-interface loopback0 ! interface from which we send packets: loopback0
On the Leaf-21 switch everything is created without problems. However, if we check the output of the show nve peers command, it will be empty. Here we need to go back to the VPC configuration. We see that Leaf-11 and Leaf-12 work as a pair and are joined by a VPC domain. This gives us the following situation:
Host-2 sends a frame toward Leaf-21 so that it forwards the frame across the network toward Host-1. However, Leaf-21 sees that Host-1's MAC address is reachable via two VTEPs at once. What should Leaf-21 do in this case? After all, this means a loop could appear in the network.
To resolve this situation, we need Leaf-11 and Leaf-12 to act as a single device within the fabric. The solution is quite simple: on the Loopback interface from which we build the tunnel, add a secondary address. The secondary address must be the same on both VTEPs.
interface loopback0
  ip add 10.255.1.10/32 secondary
Thus, from the point of view of the other VTEPs, we get the following topology:
That is, the tunnel is now built between the IP address of Leaf-21 and the virtual IP shared by Leaf-11 and Leaf-12. Now there is no problem with learning a MAC address from two devices, and traffic can pass from one VTEP to the other. Which of the two VTEPs processes the traffic is decided by the routing table on Spine:
Spine1# sh ip route
<.....>
10.255.1.10/32, ubest/mbest: 2/0
*via 10.255.1.11, Eth1/1, [110/41], 1d01h, ospf-UNDERLAY, intra
*via 10.255.1.12, Eth1/2, [110/41], 1d01h, ospf-UNDERLAY, intra
10.255.1.11/32, ubest/mbest: 1/0
*via 10.255.1.11, Eth1/1, [110/41], 1d22h, ospf-UNDERLAY, intra
10.255.1.12/32, ubest/mbest: 1/0
*via 10.255.1.12, Eth1/2, [110/41], 1d01h, ospf-UNDERLAY, intra
As you can see above, the address 10.255.1.10 is reachable via two next hops at once.
At this stage we have dealt with basic connectivity. Let's move on to configuring the NVE interface:
Let's enable Vlan 10 right away and associate it with VNI 10000 on each Leaf for the hosts. This sets up an L2 tunnel between the hosts.
vlan 10 ! Enable the VLAN on all VTEPs connected to the required hosts
  vn-segment 10000 ! Associate the VLAN with the VNI number
interface nve1
  member vni 10000 ! Add VNI 10000 to the NVE interface for VxLAN encapsulation
    ingress-replication protocol bgp ! specify that BGP is used to distribute host information
Let's check the nve peers and the BGP EVPN table:
Leaf21# sh nve peers
Interface Peer-IP State LearnType Uptime Router-Mac
--------- --------------- ----- --------- -------- -----------------
nve1 10.255.1.10 Up CP 00:00:41 n/a ! We see that the peer is reachable at the secondary address
Leaf11# sh bgp l2vpn evpn
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:32777 (L2VNI 10000) ! Who exactly this L2VNI came from
*>l[3]:[0]:[32]:[10.255.1.10]/88 ! EVPN route-type 3 - shows our neighbor, which also knows about L2VNI 10000
10.255.1.10 100 32768 i
*>i[3]:[0]:[32]:[10.255.1.20]/88
10.255.1.20 100 0 i
* i 10.255.1.20 100 0 i
Route Distinguisher: 10.255.1.21:32777
* i[3]:[0]:[32]:[10.255.1.20]/88
10.255.1.20 100 0 i
*>i 10.255.1.20 100 0 i
Above we see only EVPN route-type 3 routes. This type of route describes the peer (Leaf), but where are our hosts?
The thing is that information about host MAC addresses is carried by EVPN route-type 2.
To see our hosts, you need to configure EVPN route-type 2:
evpn
  vni 10000 l2
    route-target import auto ! in this article we use the automatic number for route-target
    route-target export auto
Let's ping from Host-2 to Host-1:
Firewall2# ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1): 56 data bytes
36 bytes from 192.168.10.2: Destination Host Unreachable
Request 0 timed out
64 bytes from 192.168.10.1: icmp_seq=1 ttl=254 time=215.555 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=254 time=38.756 ms
64 bytes from 192.168.10.1: icmp_seq=3 ttl=254 time=42.484 ms
64 bytes from 192.168.10.1: icmp_seq=4 ttl=254 time=40.983 ms
Below we can see route-type 2 routes in the BGP table with the host MAC addresses 5001.0007.0007 and 5001.0008.0007:
Leaf11# sh bgp l2vpn evpn
<......>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:32777 (L2VNI 10000)
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216 ! EVPN route-type 2 and the MAC address of host 1
10.255.1.10 100 32768 i
*>i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216 ! EVPN route-type 2 and the MAC address of host 2
* i 10.255.1.20 100 0 i
*>l[3]:[0]:[32]:[10.255.1.10]/88
10.255.1.10 100 32768 i
Route Distinguisher: 10.255.1.21:32777
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216
10.255.1.20 100 0 i
*>i 10.255.1.20 100 0 i
Next, you can look at the details of the Update in which the host MAC information was received. The command output below is not complete.
Leaf21# sh bgp l2vpn evpn 5001.0007.0007
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 10.255.1.11:32777 ! sent the Update with the host MAC. Not the VPC virtual address, but the Leaf address
BGP routing table entry for [2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216,
version 1507
Paths: (2 available, best #2)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not in HW
Path type: internal, path is valid, not best reason: Neighbor Address, no labeled nexthop
AS-Path: NONE, path sourced internal to AS
10.255.1.10 (metric 81) from 10.255.1.102 (10.255.1.102) ! who exactly we build the VxLAN tunnel with
Origin IGP, MED not set, localpref 100, weight 0
Received label 10000 ! VNI number associated with the VLAN in which the host resides
Extcommunity: RT:65001:10000 SOO:10.255.1.10:0 ENCAP:8 ! Here you can see that the RT was formed automatically from the AS and VNI numbers
Originator: 10.255.1.11 Cluster list: 10.255.1.102
<........>
Let's look at what frames look like when they pass through the fabric:
Suppress-ARP
Great, we now have L2 connectivity between the hosts and could stop there. However, it is not that simple. As long as we have few hosts, there will be no problems. But let's imagine a situation where we have hundreds or thousands of hosts. What problem might we run into?
That problem is BUM (Broadcast, Unknown Unicast, Multicast) traffic. In this article we look at one way to deal with broadcast traffic.
The main generator of broadcast traffic in Ethernet networks is the hosts themselves, through the ARP protocol.
To deal with ARP requests, Nexus implements the following mechanism: suppress-arp.
This feature works as follows:
- Host-1 sends an ARP request to the broadcast address of its network.
- The request reaches the Leaf switch, and instead of passing the request further into the fabric toward Host-2, the Leaf answers it itself, giving the required IP and MAC.
Thus the broadcast request did not go into the fabric. But how can this work if the Leaf knows only the MAC address?
It is quite simple: in addition to the MAC address, EVPN route-type 2 can carry a MAC/IP pair. For this to happen, you need to configure an IP address in the VLAN on the Leaf. The question arises: which IP should be set? On Nexus it is possible to create a distributed (identical) address on all switches:
feature interface-vlan
fabric forwarding anycast-gateway-mac 0001.0001.0001 ! set a virtual MAC to create a distributed gateway across all switches
interface Vlan10
  no shutdown
  ip address 192.168.10.254/24 ! set the same IP on all Leafs
  fabric forwarding mode anycast-gateway ! tell it to use the virtual MAC
Thus, from the hosts' point of view the network looks like this:
Let's check BGP l2route evpn:
Leaf11# sh bgp l2vpn evpn
<......>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:32777 (L2VNI 10000)
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
10.255.1.21 100 32768 i
*>i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216
10.255.1.10 100 0 i
* i 10.255.1.10 100 0 i
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.10.20]/248
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
<......>
Route Distinguisher: 10.255.1.21:32777
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216
10.255.1.20 100 0 i
*>i 10.255.1.20 100 0 i
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.10.20]/248
*>i 10.255.1.20 100 0 i
<......>
From the command output you can see that in EVPN route-type 2, in addition to the MAC, we now also see the host IP address.
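Added example (not from the original article): the Python below parses route keys in the format shown in the sh bgp l2vpn evpn output above and builds the IP-to-MAC table that a Leaf needs in order to answer ARP locally. It goes one step beyond the text by flagging an IP that is advertised with two different MACs; the sample lines are constructed, the MAC 5001.00ff.0007 is a made-up conflicting entry, and the function names are this example's own.

```python
import re

# Route-key formats as printed by "show bgp l2vpn evpn" in the outputs above.
TYPE2 = re.compile(
    r"\[2\]:\[\d+\]:\[\d+\]:\[48\]:\[([0-9a-f.]+)\]:\[(\d+)\]:\[([\d.]+)\]/\d+")
TYPE3 = re.compile(r"\[3\]:\[\d+\]:\[32\]:\[([\d.]+)\]/\d+")

# Constructed sample, modelled on the Leaf11 output above, plus one
# conflicting binding (a second MAC for the same IP) to exercise the check.
SAMPLE = """\
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
*>i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216
*>i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.10.20]/248
*>i[2]:[0]:[0]:[48]:[5001.00ff.0007]:[32]:[192.168.10.20]/248
*>l[3]:[0]:[32]:[10.255.1.10]/88
"""

def parse_evpn(text):
    """Split route keys into MAC-only, MAC/IP and type-3 (VTEP) entries."""
    macs, bindings, vteps, conflicts = set(), {}, set(), []
    for line in text.splitlines():
        m2, m3 = TYPE2.search(line), TYPE3.search(line)
        if m3:
            vteps.add(m3.group(1))
        elif m2:
            mac, ip_len, ip = m2.group(1), int(m2.group(2)), m2.group(3)
            macs.add(mac)
            if ip_len == 0:
                continue  # MAC-only route: nothing to answer ARP with
            known = bindings.setdefault(ip, mac)
            if known != mac:
                # Same IP behind a different MAC: report it, keep the first.
                conflicts.append((ip, known, mac))
    return macs, bindings, vteps, conflicts

def arp_lookup(bindings, target_ip):
    """MAC for a local reply, or None when the request has to be flooded."""
    return bindings.get(target_ip)

if __name__ == "__main__":
    macs, bindings, vteps, conflicts = parse_evpn(SAMPLE)
    print("MACs:", sorted(macs), "VTEPs:", sorted(vteps))
    print("ARP table:", bindings, "conflicts:", conflicts)
    print(arp_lookup(bindings, "192.168.10.20"), arp_lookup(bindings, "192.168.10.10"))
```

Host-1 (5001.0007.0007) appears only in a MAC-only route in this sample, so a lookup for 192.168.10.10 returns nothing and the request would still be flooded as BUM traffic.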
Let's return to the suppress-arp setting. It is enabled separately for each VNI:
interface nve1
  member vni 10000
    suppress-arp
Then some complications arise:
- This feature requires free space in TCAM memory. An example of the setting for suppress-arp:
hardware access-list tcam region arp-ether 256
This setting requires double width. That is, if you set 256, you must free 512 in TCAM. Configuring TCAM is beyond the scope of this article, since TCAM configuration depends only on the task assigned to you and may differ from one network to another.
- suppress-arp must be implemented on all Leaf switches. However, complexity may arise when configuring Leaf pairs that are in a VPC domain. If TCAM is changed, consistency between the pair is broken and one node may be taken out of service. In addition, applying the TCAM change may require rebooting the device.
As a result, you need to consider carefully whether it is worth introducing this setting into a running fabric in your situation.
This concludes the first part of the series. In the next part we will look at routing through a VxLAN fabric with the networks separated into different VRFs.
Source: www.habr.com